How Much Should IT Cost? A Finance Director's Guide to IT Spend

For many organisations, IT has quietly become one of the largest and least transparent areas of spend. It often grows incrementally - a new system here, a security tool there, a project that runs over budget, another vendor added to solve a problem created by the last one. The result is familiar: businesses frequently find themselves paying far more than necessary, without a clear understanding of what they are actually getting in return.

This is not a criticism of internal IT teams. Most are doing the right thing with the resources available. The challenge is structural. Modern IT environments are complex, data-heavy, and constantly evolving. No single team or approach can easily cover everything. That is why many organisations are moving towards either a fully outsourced IT model or a hybrid model where an internal team works alongside a specialist managed IT partner. Both approaches can work well, provided they are built on shared data, clear accountability, and measurable outcomes.

Start with a Simple Benchmark

IT spend is commonly measured as a percentage of revenue. A practical rule of thumb covering all IT spend - capital expenditure, operational expenditure, monthly fees, and ad-hoc costs - is as follows: 3% represents basic IT, keeping systems running with minimal investment; 4-6% reflects modern, secure, well-run IT with proactive support and appropriate security controls; 7% or more is typical for digital-first, regulated, or high-growth organisations where technology is a core competitive differentiator.

Most businesses fall somewhere between 3% and 7%. However, this benchmark alone does not tell you whether you are spending effectively. A business at 3% may be dangerously under-invested in security. A business at 7% may be overpaying for poorly integrated tools. The percentage is a starting point, not a verdict.

Why Sector Matters More Than Size

IT spend varies significantly depending on the type of organisation, and comparing your spend against the wrong peer group leads to the wrong conclusions. The table below provides a practical sector reference.

Finance firms are not overspending on IT. They are heavily regulated, highly data-driven, and exposed to significant cyber and compliance risk. In this environment, IT is not just support - it is part of the control framework of the business. For financial services organisations, the cost of a breach or a compliance failure far exceeds the cost of well-run IT.

What Does This Look Like in Practice?

Rather than focusing purely on percentage of revenue, it is more useful to break IT down into its core components. The table below shows a typical monthly IT cost breakdown for a 100-user firm with £15 million turnover, excluding hardware and project costs. This is the run-rate spend that a Finance Director should expect to see on a recurring basis.

Annualised, this translates to approximately £108,000 at the low end (0.7% of revenue, basic IT service), £192,000 at the mid range (1.3% of revenue, proactive and security-focused), and £306,000 at the high end (2.0% of revenue, technology-first strategy). This often surprises Finance Directors. The reality is that core run-rate IT is usually lower than expected. The higher percentage benchmarks typically include large transformation projects, cybersecurity programmes, infrastructure upgrades, and one-off investments. IT cost is not just a monthly number - it is a combination of run costs and change investment.

The Real Question Is Not Cost. It Is Value.

The most important question a Finance Director can ask is not how much we spend on IT, but what we get for it. Three dimensions of value are worth examining in detail.

Risk-Adjusted Spend

Lower spend often hides higher risk. Reducing IT costs can mean delayed patching and updates, reduced monitoring, and gaps in compliance. These risks may not be visible day to day, but when they materialise, the financial impact is often significant - and typically far greater than the cost of well-run IT. For many organisations today, IT spend is a form of risk mitigation, not an overhead. Cybersecurity and compliance investment in particular should be evaluated in terms of the risk it removes, not just the line item it represents.

Visibility vs Cost

Many organisations do not have a clear view of their IT environment. Common gaps include total IT cost, cost per user, cost per incident, risk exposure, IT performance trends, and a full asset register. Without this visibility, decision-making becomes reactive and completely unaware of real risk exposure. A key requirement in any modern IT model is the ability to aggregate and interpret data across the entire IT estate - otherwise the organisation is flying blind.

This is where structured reporting becomes essential. Wavex IT dashboards bring together service performance, security posture, asset visibility, and commercial data into a single shared view for Finance, IT, and leadership. This enables informed decisions rather than assumptions, and gives Finance Directors the data they need to hold IT accountable.

Reactive vs Proactive IT

Two organisations can spend the same amount on IT and get very different results. One is constantly dealing with issues; the other resolves problems before users are impacted. The difference is not budget - it is capability. Modern IT environments generate huge volumes of data. Without automation and AI, it is impossible to process this effectively. Leading IT functions now automate common fixes, use AI to identify patterns and predict issues, and free up engineers to focus on higher-value work. This is what turns IT from reactive support into a proactive function - and it is what AI-augmented operations delivers in practice. Our article on the hidden risks of reactive IT managed services explains in detail how reactive IT erodes value over time, often without the organisation realising it is happening.

Choosing the Right Delivery Model

How IT is delivered has a direct impact on both cost and performance. An in-house only model offers strong understanding of the business but is often limited by scale and tooling. A fully outsourced model provides access to broader expertise and economies of scale, but requires strong alignment to the organisation's strategy - many IT providers adopt a cookie-cutter approach to delivery that does not reflect the specific needs of the business.

For larger firms, a hybrid model is increasingly the preferred approach. The internal team retains control and business context, while the external partner provides scale, tooling, and 24/7 capability. Shared data ensures alignment between both parties. The key to success is transparency and shared visibility - which is why the choice of managed service provider matters as much as the delivery model itself. If you are considering a change of provider, our guide on switching IT provider without disruption explains how to manage the transition safely.

Budgeting IT More Effectively

A structured financial approach to IT separates costs into five categories: licensing, managed services, projects and ad-hoc work, internal IT staff, and capital spend. This separation allows for better forecasting, easier benchmarking against industry peers, and clearer identification of inefficiencies. It also makes it easier to have a productive conversation with the board about IT investment.

It is also important to work with providers who offer clear itemised invoices, predictable monthly costs, fixed-fee projects, and commercial dashboards to track and model spend. Another common issue is fragmented contract management. Keeping all warranties, subscriptions, and renewals in one place avoids unexpected costs and the kind of invoice surprises that erode trust between Finance and IT. An IT strategy and consulting engagement can help establish this structure if it does not already exist.

What Good Looks Like

From a Finance Director's perspective, effective IT should deliver predictable and transparent costs, clear visibility across performance and risk, no unexpected subscription or warranty expirations, a 12 to 24-month costed IT roadmap aligned to business priorities, and continuous improvement over time. These are not aspirational goals - they are the baseline expectation from a well-run IT function or a high-quality managed service provider. Our guide on what good IT looks like sets out the full benchmark across governance, environment standards, and risk management.

How Wavex Supports This Approach

Wavex is designed to operate either as a full IT provider or alongside an existing in-house team. Key elements include IT dashboards providing visibility across service, security, and assets; commercial dashboards enabling cost tracking and forecasting; clear fixed-fee pricing for managed services; projects delivered on a fixed-fee basis; and backend AI handling large volumes of data, supporting engineers and improving response times. This ensures that IT is aligned with both operational and financial objectives.

If you are reviewing your current IT spend or evaluating a new provider, the Wavex team is happy to provide a benchmarking review and a no-obligation assessment of your current environment. Book a consultation to start the conversation.

Frequently Asked Questions

Sources

This article draws on the 2026 IT Budget Benchmark, Computer Economics IT spending benchmarks by industry and size, McKinsey banking IT spend analysis, Avasant and Gartner-style industry benchmarks, and Deloitte and Flexera SME IT spend studies.